Implications of a common private keys directory in 2.1

Carola Grunwald caro at
Tue Nov 29 00:00:51 CET 2016

Andrew Gallagher <andrewg at> wrote:

>On 26/11/16 01:17, Carola Grunwald wrote:
>> WME encoding, remailing and nym handling are done completely at the
>> proxy. You can use any, even the most primitive PGP-unaware MUA to send
>> and receive standard mail and Usenet messages, crypto and anonymization
>> capabilities are provided by the proxy.
>I understand how this would be useful for people with limited clients,
>but is it really worth it to worry about disclosing metadata at the
>server when you're leaking plaintext at the client?

Leaking what to whom? I don't quite understand what you mean.

Do you mean the raw message the client sends to the proxy server?

But that's within the LAN and protected by a direct SSL/TLS encrypted
MUA-proxy connection. And if you're outside your LAN with your client
then you may use an end-to-end encrypted Tor .onion connection to your
proxy's service.

And at the proxy your messages' metadata are cut down to what's
mandatory to transfer the information.

>I was assuming that the end user would have a PGP-capable client. In
>the case where the end user does not have PGP, would it not be safer to
>use webmail over TLS? At least you won't leak plaintext...

I hope that's addressed above.

No problem to set up a local webmail system and connect it with the
outer world through the proxy's SMTP and POP3 server.

Btw, nearly all proxy parameters relevant for message processing can be
controlled by adding certain custom headers to the message itself
(normal vs. anonymous routing, remailer chain length, WME activation,
message header items that have to be removed, whether the WME or nym
public key have to be added to the header section and so on).

>> By signing all WME messages of all your nym accounts with an identical
>> key, your imaginary proxy server key, you disclose that all of them
>> originate from the same server.
>Doesn't the return path leak this info anyway? Unless you're talking
>about one-shot messages with no return path, in which case why sign at all?

If you need to remain anonymous towards your communication partner you
have to involve a nym server, which holds your pseudonymous mailbox and
provides your mail address. Replies sent there are PK-encrypted with
your nym's key (signed with the nym server's key), then sent through 1+
Cypherpunk remailers (the first one at the nym server's location) to its
destination, which can be either your true mail address or, more secure,
a newsgroup (preferably alt.anonymous.messages) from where you can
download it anonymously e.g through the Tor network. Each of the
Cypherpunk remailers the message passes adds a symmetric encryption
layer. The remailer routing and the passphrases they have to use were,
defined by the nym user, packed into a so called reply-block and sent to
the nym server with the initial nym creation message as described in

Kind regards


More information about the Gnupg-users mailing list